Introduction
Ensuring the safety and security of the dYdX Chain software is our top priority. That’s why we are extensively testing and auditing the code to make sure that user funds are always safe. Today, we’re sharing that Informal Systems has fully audited the dYdX Chain code and all findings have been addressed by the dYdX team. Dive into the audit below.
Details of the Audit
Informal Systems implements a multi-layered, automated approach to their security audits and is well-versed in security for the Cosmos Ecosystem. They audited the dYdX Chain code in three phases.
Phase I covered:
- Custom modules: x/assets, x/perpetuals, x/epochs, x/sending, x/prices, x/subaccounts,
- Liquidation and price-feed daemons
- Custom changes to forked versions of CometBFT and Cosmos SDK.
Phase II covered:
- Custom modules: x/clob
- Custom changes to forked versions of CometBFT and Cosmos SDK.
Phase III covered:
- Custom modules: x/bridge, x/delaymsg, x/rewards, x/vest
- Bridge Daemon
- Additional custom changes to the forked version of CometBFT.
All phases of the audit are complete and we’re proud that zero critical issues currently exist within the dYdX Chain source code. The audit surfaced 1 critical issue (that is now resolved), 4 medium issues, 17 low issues and 19 informational issues. 34 of those issues were accepted and 5 issues were functioning as designed.
Thank you
Thank you to Informal Systems for their thorough audit and their commitment to help us ensure the safety and security of the dYdX Chain. We’re also hosting a bug bounty for the dYdX Chain software with payouts up to $5,000,000 depending on severity and eligibility. Any issues brought up in the audit or otherwise known by the dYdX team are not eligible for the bug bounty, and other terms and conditions apply. See the details here.
.avif)